AVP EAP-KEY name support in FR
Srinu Bandari
sbandari at vitesse.com
Wed Feb 13 10:59:37 CET 2013
Hi,
We are trying to bring up MACsec with Cisco and FR, and we are stuck because of Radius unable to send EAP-Key-Name AVP. Below is what is expected as per RFC4072
RFC4072 says "A home Diameter server receiving a
Diameter-EAP-Request with a Key-Name AVP with non-empty data MUST
silently discard the AVP. In addition, the home Diameter server
SHOULD include this AVP in Diameter-EAP-Response only if an empty
EAP-Key-Name AVP was present in Diameter-EAP-Request."
But radius server is not sending EAP-Key-Name AVP (Radius Attribute Type 102) even invalid AVP present in the Diameter-EAP-Request".
Below is the debug print of radius
Sending Access-Accept of id 647 to 10.20.64.9 port 1645
MS-MPPE-Recv-Key = 0x84e5c624c3bcdeadca3c6210f24bd7b8336921ccc1c58399d397afc75770332c
MS-MPPE-Send-Key = 0xa6c4860cc8092c251502f5adc3ee13586e05fe84cbbb8b6793b08d9523d12b1f
EAP-Message = 0x03060004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "user1"
Does anyone have clue on this.
Thanks,
Srinivas
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130213/e339f1c2/attachment.html>
More information about the Freeradius-Users
mailing list